Context
The audit-recorder module (`src/workers/continuum-core/src/cognition/audit.rs`, shipped via #1344) currently uses a SHA-256 chain hash for tamper detection. The module's own doc comment is explicit:
"This is NOT cryptographic signing — anyone with write access to the file can append valid entries. The contract is 'tampering is detectable,' not 'tampering is prevented.' Asymmetric signing lands when there's a per-node identity key to sign with."
This is honestly deferred — not silently elided. But it leaves protection invariant P1 (mathematical trust) from `PERSONA-COGNITION-CONTRACT.md` only partially honored: tamper detection exists, tamper prevention doesn't.
What
Upgrade the audit-recorder's per-entry attestation from chain hash to Ed25519 signing:
- Sign the entry's `(seq || timestamp_ms || kind || payload || prev_chain_hash)` tuple with the substrate instance's per-node identity key.
- Append signature to `AuditEntry` as `signature: Vec<u8>`.
- Verification: `read_audit_log` checks signature against the instance's published public key.
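An added example (not code from the project) of one way to serialize the tuple above before signing: a plain `||` concatenation lets two different entries produce the same signed bytes when `kind` and `payload` are variable-length, so the sketch length-prefixes them and prepends a domain tag. The field types, the `EntryFields` struct, the function names and the tag string are assumptions; the Ed25519 call itself is left out and would take the returned bytes as its message.

```rust
// Added example: types, names and the tag are assumptions, not the project's code.
const DOMAIN_TAG: &[u8] = b"audit-entry-sig-v1"; // hypothetical domain-separation label

/// Fields named in the issue's tuple; the concrete types are assumed.
#[derive(Clone, Copy)]
pub struct EntryFields<'a> {
    pub seq: u64,
    pub timestamp_ms: u64,
    pub kind: &'a str,
    pub payload: &'a [u8],
    pub prev_chain_hash: [u8; 32], // SHA-256 output of the previous entry
}

/// Plain concatenation, shown for comparison only: the boundary between
/// `kind` and `payload` cannot be recovered from the bytes.
pub fn naive_preimage(e: &EntryFields) -> Vec<u8> {
    let mut out = Vec::new();
    out.extend_from_slice(&e.seq.to_be_bytes());
    out.extend_from_slice(&e.timestamp_ms.to_be_bytes());
    out.extend_from_slice(e.kind.as_bytes());
    out.extend_from_slice(e.payload);
    out.extend_from_slice(&e.prev_chain_hash);
    out
}

/// Writes a variable-length field as an 8-byte big-endian length, then the bytes.
fn put_var(out: &mut Vec<u8>, field: &[u8]) {
    out.extend_from_slice(&(field.len() as u64).to_be_bytes());
    out.extend_from_slice(field);
}

/// Unambiguous message bytes for both the signer and the verifier.
pub fn signing_preimage(e: &EntryFields) -> Vec<u8> {
    let mut out = Vec::new();
    put_var(&mut out, DOMAIN_TAG);
    out.extend_from_slice(&e.seq.to_be_bytes());
    out.extend_from_slice(&e.timestamp_ms.to_be_bytes());
    put_var(&mut out, e.kind.as_bytes());
    put_var(&mut out, e.payload);
    out.extend_from_slice(&e.prev_chain_hash);
    out
}

fn main() {
    // Constructed sample entries: same bytes overall, different kind/payload split.
    let a = EntryFields { seq: 7, timestamp_ms: 1_700_000_000_000, kind: "tool",
                          payload: b"call:rm", prev_chain_hash: [0xAB; 32] };
    let b = EntryFields { kind: "toolcall", payload: b":rm", ..a };
    println!("naive collides:  {}", naive_preimage(&a) == naive_preimage(&b));
    println!("framed collides: {}", signing_preimage(&a) == signing_preimage(&b));
}
```

The verifier must rebuild the message with the same function from the parsed fields, never from bytes stored alongside the signature.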
Blocker
Requires the continuum-core to have a per-node identity key. This is currently absent — substrate identity is bootstrapped per-process. Lane to track: an identity-bootstrap PR, separate from this issue.
Definition Of Done
- Per-node identity key generated on first boot, persisted to `~/.continuum/identity/node.key`.
- `AuditChain::append` signs each entry; verifier rejects entries with invalid signatures via typed `AuditError::SignatureInvalid`.
- `PERSONA-COGNITION-CONTRACT.md` P1 invariant test passes against a tampered entry's signature.
- Backwards-compat: existing SHA-256-only chains continue to verify against the legacy path until a configurable migration window closes.
Related